Revisiting Past Decisions

Goals

This proposal addresses the following goals:

User awareness of security information

Use Case

See use case 18.

Overview

Security decisions made interactively often become persistent, and affect a user's security context. Current web user agent user interfaces do not enable users to understand to what extent their user agent's presentation of security context information depends on decisions that were entered interactively, and which might therefore be more prone to error than trust decisions that are part of software as shipped.

Conformance Requirement

User agents MUST enable users to access a history of interactive security decisions that affect the user agent's interpretation and presentation of the user's current security context. User agents MUST enable users to revert such decisions.

Implementation techniques

Interactive security decisions are not made persistent beyond a single interaction.

Interactive operation that enable the user to inquire about the reasons for the Web user agent's current assessment of the user's security context.

Distinct presentation of trust states if a trust decision was interactively (or recently) entered by the user, and affects the current security context.

Availability of an overall log of trust decisions entered interactively.

Ability to change security decision.

Ability to reset to default setting.

Dependencies

User agent configuration

Client state, as far as it is affected by user decisions

Note that this suggests adding "user's past trust decisions" to the available context information.

Expected user behavior

A core assumption of this requirement is that users might make trust decisions interactively, and that these decisions are error-prone. The aim of this scenario is to give users a possibility to find out what trust decisions they -- consciously or inadvertently -- made in the past, and to let them revisit these decisions at a later stage.

Disruption

Compliance with this requirement does not necessarily lead to a change in the user's everyday browsing experience.

Background

Interactive security decisions are known to be error-prone, yet they often become persistent and influence future browser behavior.

MEZ asked what the relationship was with possible "drill-down" related requirements from the accessibility community. That's unknown at this point, and no action item was issued to follow up.

Johnathan indicated that he likes the distinction between "native trust" and personal overrides.

Johnathan asked whether the proposal was to have an overall log of decisions; Thomas indicated that that might be valuable, but that the key part was getting a sense of where trust in the current context comes from.